Creating SNS topics and updating IAM policy for instance scheduler (#…

…5679)
ministryofjustice · Dec 5, 2023 · cb5b1d3 · cb5b1d3
1 parent a5fc06c
commit cb5b1d3
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/terraform/environments/core-shared-services/iam.tf b/terraform/environments/core-shared-services/iam.tf
@@ -161,6 +161,17 @@ data "aws_iam_policy_document" "instance-scheduler-lambda-function-policy" {
     resources = ["*"]
     actions   = ["kms:Decrypt"]
   }
+  statement {
+    sid    = "AllowLambdaToPublishToSNSTopics"
+    effect = "Allow"
+    actions = [
+      "sns:Publish"
+    ]
+    resources = [
+      aws_sns_topic.on_success.arn,
+      aws_sns_topic.on_failure.arn
+    ]
+  }
 }
 
 ## END: IAM for Instance Scheduler Lambda Function

diff --git a/terraform/environments/core-shared-services/instance-scheduler-lambda-function.tf b/terraform/environments/core-shared-services/instance-scheduler-lambda-function.tf
@@ -75,3 +75,22 @@ resource "aws_cloudwatch_event_target" "instance_scheduler_weekly_start_in_the_m
 }
 
 ## END: Start trigger for Instance Scheduler Lambda Function
+
+# sns topics that are the instance scheduler lambda function's destination configuration
+resource "aws_sns_topic" "on_failure" {
+  name = "instance-scheduler-event-notification-topic-on-failure"
+}
+
+resource "aws_sns_topic" "on_success" {
+  name = "instance-scheduler-event-notification-topic-on-success"
+}
+
+# link the sns topics to the pagerduty service
+module "pagerduty_core_alerts" {
+  depends_on = [
+    aws_sns_topic.on_failure, aws_sns_topic.on_success
+  ]
+  source                    = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v2.0.0"
+  sns_topics                = [aws_sns_topic.on_failure.name, aws_sns_topic.on_success.name]
+  pagerduty_integration_key = local.pagerduty_integration_keys["operations_cloudwatch"]
+}